Snort mailing list archives

Re: Additional debugging information: Query execution error: Database ERROR:Unknown column 'ip_src0' in 'field list'


From: "Roman Danyliw" <roman () danyliw com>
Date: Sat, 16 Feb 2002 10:38:14 -0500 (EST)

All the extra debug information is helpful.

However, could you please verify that you upgraded to v0.9.6b20.  No version of
ACID past 0.9.6b16 makes any reference to the fields ip_src0-3 or ip_dst0-3.

Roman

On Fri, 15 Feb 2002 17:09:03 -0500, Bruce Platt <Bruce () ei3 com> wrote :

I set $debug_mode=1 in acid_conf.php, and here is the additional debugging
info produced when this error occurs:

importing GET var 'submit'
importing GET var 'current_view'
importing GET var 'num_result_rows'

Warning: Cannot send session cache limiter - headers already sent (output
started at /var/www/html/acid/acid_common.php:273) in
/var/www/html/acid/acid_common.php on line 125
Session Registered
importing GET var 'time'

Checking for DB abstraction lib in '/var/www/html/acid/adodb.inc.php'


         URL: '/acid/acid_pkt_main.php' (refered by:
'http://webserver/acid/acid_main.php')
         PARAMETERS:
'&num_result_rows=-1&time%5B0%5D%5B0%5D=+&time%5B0%5D%5B1%5D=+&submit=Query+
DB&current_view=-1'
         CLIENT: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; T312461;
Q312461)
         SERVER: Apache/1.3.12 (Unix)  (Red Hat/Linux) mod_ssl/2.6.6
OpenSSL/0.9.5a DAV/1.0.1 PHP/4.0.5 mod_perl/1.24 
         DATABASE TYPE: mysql
         PHP VERSION: 4.0.5  DB ABSTRACTION VERSION: 
         
         new: ''   
         submit: 'Query DB'
         sort_order: ''
         num_result_rows: '-1'  current_view: '-1'
         layer4: ''


time_cnt ip_addr_cnt ip_field_cnt tcp_port_cnt  tcp_field_cnt udp_port_cnt
udp_field_cnt  icmp_field_cnt data_cnt 
0 0 0 0 0 0 0 0 0 
caller = 
action= 
ag_add_key= 

--------------------------------------------------------------------------------

IP first 0 0 0 0 
IP masking 0 0 0 0 = 0 
IP back 0: 0 0 0 0 
SQL (save_sql): SELECT event.sid, event.cid, signature, timestamp, ip_src0,
ip_src1, ip_src2, ip_src3, ip_dst0, ip_dst1, ip_dst2, ip_dst3, ip_proto FROM
event INNER JOIN iphdr ON event.sid=iphdr.sid AND event.cid=iphdr.cid WHERE
event.cid > 0Query execution error: Database ERROR:Unknown column 'ip_src0'
in 'field list'

SELECT event.sid, event.cid, signature, timestamp, ip_src0, ip_src1,
ip_src2, ip_src3, ip_dst0, ip_dst1, ip_dst2, ip_dst3, ip_proto FROM event
LEFT JOIN iphdr ON event.sid=iphdr.sid AND event.cid=iphdr.cid WHERE
event.cid > 0


If I look at my iphdr table, there are only these fields defined:

mysql> desc iphdr;
+----------+----------------------+------+-----+---------+-------+
| Field    | Type                 | Null | Key | Default | Extra |
+----------+----------------------+------+-----+---------+-------+
| sid      | int(10) unsigned     |      | PRI | 0       |       |
| cid      | int(10) unsigned     |      | PRI | 0       |       |
| ip_src   | int(10) unsigned     |      | MUL | 0       |       |
| ip_dst   | int(10) unsigned     |      | MUL | 0       |       |
| ip_ver   | tinyint(3) unsigned  | YES  |     | NULL    |       |
| ip_hlen  | tinyint(3) unsigned  | YES  |     | NULL    |       |
| ip_tos   | tinyint(3) unsigned  | YES  |     | NULL    |       |
| ip_len   | smallint(5) unsigned | YES  |     | NULL    |       |
| ip_id    | smallint(5) unsigned | YES  |     | NULL    |       |
| ip_flags | tinyint(3) unsigned  | YES  |     | NULL    |       |
| ip_off   | smallint(5) unsigned | YES  |     | NULL    |       |
| ip_ttl   | tinyint(3) unsigned  | YES  |     | NULL    |       |
| ip_proto | tinyint(3) unsigned  |      |     | 0       |       |
| ip_csum  | smallint(5) unsigned | YES  |     | NULL    |       |
+----------+----------------------+------+-----+---------+-------+

This is for schema version 104 from the snort-stable which I downloaded
yesterday.

I have seen posts where people clearly have 22 fields in iphdr, the 14
above plus ip_src0 - ip_src4 and ip_dst0 - ip_dst4.

Where do these come from?  Where can I find the definition file to load into
mysql?

Any and all help greatly appreciated.

Regards,

Bruce

-----Original Message-----
From: Bruce Platt [mailto:Bruce () ei3 com]
Sent: Friday, February 15, 2002 1:12 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Query execution error: Database ERROR:Unknown
column 'ip_src0' in 'field list'


I now have yesterday's snort-stable running and logging happily to a mysql
db. Using acid 0.9.6b20, I receive the following error when attempting to
query db about alert details:

Database ERROR:Unknown column 'ip_src0' in 'field list'.  Similar error for
ip_dst0.

Looking at some posts using a Google search suggests that last year there
was some discussion related to b10 release of acid and the fact that not all
necessary code was committed.

Examining the snort-stable/contrib/create_mysql shows no fields labeled
ip_src0 in the definitions, however, there is clearly a field labeled
ip_src in the iphdr table definition as well as ip_dst.

Have I left out an important step somewhere, should I have used some other
version of create_mysql?

Thanks and regards

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
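
The two checks the thread turns on, as an added example that is not part of the original messages and is not ACID or Snort code: compare the failing query's field list against the `desc iphdr` output, and scan an ACID install for files that still reference ip_src0-3 or ip_dst0-3. The function names, the abbreviated sample data and the `event` column list are assumptions made for illustration.

```python
import re
from pathlib import Path

# Fields that, per the reply above, no ACID release after 0.9.6b16 references.
LEGACY = re.compile(r"\bip_(?:src|dst)[0-3]\b")

def parse_desc(desc_text):
    """Column names from the text of a MySQL `desc <table>` result."""
    cols = []
    for line in desc_text.splitlines():
        line = line.strip()
        if line.startswith("|"):  # skips the +-----+ border rows
            field = line.strip("|").split("|")[0].strip()
            if field != "Field":
                cols.append(field)
    return cols

def missing_columns(select_sql, known_columns):
    """Names in the SELECT field list that are not in known_columns."""
    m = re.search(r"select\s+(.*?)\s+from\s", select_sql, re.I | re.S)
    names = [item.strip().split(".")[-1] for item in m.group(1).split(",")]
    return [n for n in names if n not in known_columns]

def legacy_references(acid_dir):
    """Map each PHP file under acid_dir to the legacy field names it mentions."""
    hits = {}
    root = Path(acid_dir)
    for path in sorted(root.rglob("*.php")):
        found = sorted(set(LEGACY.findall(path.read_text(errors="replace"))))
        if found:
            hits[str(path.relative_to(root))] = found
    return hits

# Abbreviated from the `desc iphdr` output and the failing query quoted in the thread.
IPHDR_DESC = """\
| Field    | Type                 | Null | Key | Default | Extra |
| sid      | int(10) unsigned     |      | PRI | 0       |       |
| cid      | int(10) unsigned     |      | PRI | 0       |       |
| ip_src   | int(10) unsigned     |      | MUL | 0       |       |
| ip_dst   | int(10) unsigned     |      | MUL | 0       |       |
| ip_proto | tinyint(3) unsigned  |      |     | 0       |       |
"""
QUERY = ("SELECT event.sid, event.cid, signature, timestamp, ip_src0, ip_src1, "
         "ip_src2, ip_src3, ip_dst0, ip_dst1, ip_dst2, ip_dst3, ip_proto FROM event "
         "INNER JOIN iphdr ON event.sid=iphdr.sid AND event.cid=iphdr.cid WHERE event.cid > 0")
# Assumption: the event table supplies sid, cid, signature and timestamp.
EVENT_COLUMNS = ["sid", "cid", "signature", "timestamp"]

if __name__ == "__main__":
    print(missing_columns(QUERY, set(parse_desc(IPHDR_DESC)) | set(EVENT_COLUMNS)))
    print(legacy_references("/var/www/html/acid"))  # install path from the debug output
```

A non-empty result from `legacy_references` on an install believed to be 0.9.6b20 points to leftover files from an older release rather than a problem in the database schema.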